Personal digital identity device with near field and non near field radios for access control

ABSTRACT

A personal digital ID device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press. The personal digital ID device may be in the form of a bracelet, a key fob, or other form factor. The service may be provided by a mobile device, in the cloud, or elsewhere.

FIELD

The present invention relates generally to mobile devices, and morespecifically to identity representation in mobile devices.

BACKGROUND

Mobile devices typically authenticate to cloud services using passwords.For example, as shown in FIG. 1, a mobile device 100 may prompt a userfor a password in order access a cloud service 102. This operation isalso shown in FIG. 2, where an application is started on the mobiledevice, and then a user enters a password to access the cloud service.

As an example, a user may open a web browser on a smartphone (or anyother app on the mobile device) and then navigate to a merchant'swebsite (cloud service). The merchant web site then prompts for theuser's password prior to allowing the user access to the user's accountat the merchant. The user's account at the merchant may store sensitiveinformation such as credit card numbers, addresses, phone numbers, andthe like.

Password-based cloud service authentication is vulnerable to hacking. Ifa hacker gains access to a password file (storing hashed passwords) fromthe merchant, then the universe of hashed password values can becompared to entries in the password file to gain access to individualuser accounts. Sensitive user information may be compromised as aresult.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1 and 2 show a mobile device authenticating to a cloud service inaccordance with the prior art;

FIG. 3 shows a block diagram of a personal digital identity deviceinteracting with a user and a mobile device in accordance with variousembodiments of the present invention;

FIG. 4 shows a personal digital identity device interacting with amobile device and cloud service in accordance with various embodimentsof the present invention;

FIG. 5 shows a user interacting with the personal digital identitydevice of FIG. 4;

FIGS. 6, 7, and 8 show block diagrams of personal digital identitydevices in accordance with various embodiments of the present invention;

FIG. 9 shows a personal digital identity device interacting with alaptop computer and cloud service in accordance with various embodimentsof the present invention;

FIG. 10 shows a personal digital identity device interacting with apoint of sale terminal in accordance with various embodiments of thepresent invention;

FIG. 11 shows a personal digital identity device with a removablecrypto/cipher engine in accordance with various embodiments of thepresent invention;

FIG. 12 shows a personal digital identity device with a fingerprintsensor in accordance with various embodiments of the present invention;

FIG. 13 shows a user interacting with the personal digital identitydevice of FIG. 12;

FIG. 14 shows a personal digital identity device with a motion sensor inaccordance with various embodiments of the present invention;

FIGS. 15 and 16 show users interacting with the personal digitalidentity device of FIG. 14;

FIG. 17 shows a personal digital identity device with an imager inaccordance with various embodiments of the present invention;

FIG. 18 shows a user interacting with the personal digital identitydevice of FIG. 17;

FIG. 19 shows a personal digital identity device with a microphone inaccordance with various embodiments of the present invention;

FIG. 20 shows a user interacting with the personal digital identitydevice of FIG. 19;

FIG. 21 shows a personal digital identity device with a connector;

FIG. 22 shows an alternate form factor personal digital identity devicein accordance with various embodiments of the present invention; and

FIGS. 23-25 show flowcharts of methods in accordance with variousembodiments of the present invention.

DESCRIPTION OF EMBODIMENTS

In the following detailed description, reference is made to theaccompanying drawings that show, by way of illustration, variousembodiments of an invention. These embodiments are described insufficient detail to enable those skilled in the art to practice theinvention. It is to be understood that the various embodiments of theinvention, although different, are not necessarily mutually exclusive.For example, a particular feature, structure, or characteristicdescribed in connection with one embodiment may be implemented withinother embodiments without departing from the scope of the invention. Inaddition, it is to be understood that the location or arrangement ofindividual elements within each disclosed embodiment may be modifiedwithout departing from the scope of the invention. The followingdetailed description is, therefore, not to be taken in a limiting sense,and the scope of the present invention is defined only by the appendedclaims, appropriately interpreted, along with the full range ofequivalents to which the claims are entitled. In the drawings, likenumerals refer to the same or similar functionality throughout theseveral views.

FIG. 3 shows a block diagram of a personal digital identity deviceinteracting with a user and a mobile device in accordance with variousembodiments of the present invention. Personal digital identity (ID)device 300 is shown communicating with mobile device 330 over a radiolink. In some embodiments, personal digital ID device 300 stores adigital identifier that is provided to mobile device 330 only after auser interacts with device 300. For example, the radio link may beavailable only after user interaction with personal digital ID device300. Mobile device 330 may be any electronic device such as asmartphone, table, personal computer, laptop, phablet, mobile phone, settop box, kiosk, point of sale terminal, or the like.

The digital identifier provided by personal digital ID device 300 may beused for authentication. For example, the user in possession of personaldigital ID device 300 may interact with the device for the purpose ofauthenticating to mobile device 330 or authenticating to a service incommunication with mobile device 300. Personal digital ID device 300 maytake any form. For example, personal digital ID device 300 may be abracelet, a card, a key fob, or the like.

FIG. 4 shows a personal digital identity device interacting with amobile device and cloud service in accordance with various embodimentsof the present invention. Personal digital ID device 400 communicateswith mobile device 330 over radio link 402, and mobile device 330communicates with a cloud service 440 over radio link 432. Thecombination of elements shown in FIG. 4 may be advantageously used toincrease security when accessing cloud services using a mobile device.

In some embodiments, the radio link 402 is a near-field radio link andin other embodiments, the radio link 402 is a non-near-field radio link.For example, radio link 402 may be a BLUETOOTH™ radio link(non-near-field), or may be a near field communications (NFC) radio link(near-field) such as an ISO 14443 compatible radio link, an ISO 18092compatible radio link, or an IEEE 802.15.4 compatible radio link.

As used herein, the term “near-field” refers to communication protocolsand compatible radios in which the maximum intended communicationdistance is less than the wavelength of the radio wave used for thatcommunication. ISO 14443 (NFC) is an example of near-field because thewavelength is on the order of 870 inches and the intended communicationdistance is only a few inches. All communications protocols andcompatible radios that are not near-field are referred to herein as“non-near-field.” An example of a non-near-field protocol is BLUETOOTH′because the wavelength is on the order of 4.5 inches and the intendedcommunication distance is typically much greater than 4.5 inches. Theuse of the term “non-near-field radio” is not meant to imply that thedistance of communication cannot be less than the wavelength for thenon-near-field radio.

Communication link 432 between mobile device 330 and cloud service 440may be any type of link that is possible between a mobile device andcloud service. For example, communication link 432 may be a radio linksuch as a cell phone signal or a WiFi signal, or may be a wired linksuch as a universal serial bus (USB) or Ethernet link.

Personal digital ID device 400 includes button 410 and light emittingdiodes (LEDs) 420. In some embodiments, personal digital ID device 400includes a housing in the shape of a personal accessory. For example,personal digital ID device 400 is shown as a bracelet in FIG. 4. In someembodiments the housing is flexible, such that the personal digital IDdevice may be stretched. In other embodiments, the housing is rigid. Oneskilled in the art will understand that personal digital ID device 400may be constructed from various different materials to achieve a desiredlevel of pliability, and constructed in various different shapes andsizes.

In operation, a user may start an app on mobile device 330 with theintention of accessing cloud services 440. The app then prompts the userto press button 410 on personal digital ID device 400. Personal digitalID device 400 then communicates with mobile device 330 over radio link402. In some embodiments, personal digital ID device 400 includessecurity hardware that provides a secure level of authentication onlyafter button 410 is pressed. In these embodiments, user interaction(button press) with personal digital ID device 400 is required beforeauthentication can take place.

In some embodiments, secure authentication may take place betweenpersonal digital ID device 400 and mobile device 330. For example, abutton press may make security hardware within personal digital IDdevice 400 available for authentication purposes for a predeterminedperiod of time. Mobile device 330 may then communicate with securityhardware within personal digital ID device 400 to authenticate the userto the mobile device.

In other embodiments, secure authentication may take place betweenpersonal digital ID device 400 and cloud service 440. For example, abutton press may make security hardware within personal digital IDdevice 400 available for authentication purposes for a predeterminedperiod of time. Cloud service 440 may then communicate with the securityhardware within personal digital ID device 400 to authenticate the userto the cloud service. Because personal digital ID device 400 uses radiolink 402 to reach mobile device 330 which in turn uses communicationlink 432 to reach a service 440, one can say that in some embodimentspersonal digital ID device 400 is able to communicate with service 440with the mobile device 330 as an intermediary. In these embodiments,both mobile device 330 and personal digital ID device 400 are used forsuccessful access to service 440.

Because personal digital ID device 400 requires user interaction beforemaking the security hardware available, a user must be in possession ofpersonal digital ID device 400 in order to be authenticated. This issignificantly more robust than a password-only authentication method.Hackers are unable to hack in to a user's account using softwaretechniques alone.

Button 410 is an example of a hardware-based interaction device.Authentication is only possible after the user interacts with thehardware-based interaction device. The various embodiments of thepresent invention are not limited to a button. For example, any type ofhardware interaction may be employed without departing from the scope ofthe present invention. Additional examples of hardware-basedinteractions devices are described below.

Light emitting diodes 420 may be used for any purpose. For example, insome embodiments, LEDs 420 are used to provide the user with stateinformation such as battery level or connection state. In someembodiments, LEDs 420 include at least one red LED and at least onenon-red LED. Battery charge information may be provided by illuminatinga number of non-red LEDs corresponding to the charge remaining. When alow battery level exists, one or more red LEDs may be illuminated. Asshown in FIG. 4, LEDs 420 may be located in a line on personal digitalID device 400, but this is not a limitation of the present invention.

An example authentication sequence between personal digital ID device400 and cloud service 440 is now described. This example uses an onlinebookseller as the cloud service, a smartphone as the mobile device, anda bracelet shaped personal digital ID device with a button. The onlinebookseller stores credit card information in a user's account andrequires users to authenticate to the cloud service before allowingaccess to the user's account.

A user in possession of both personal digital ID device 400 and mobiledevice 330 wishes to purchase an item from the bookseller's onlinestore. The user opens an application on mobile device 330. Thisapplication may be a web browser or any other application that providesaccess to the bookseller's online store. The mobile device then promptsthe user to press the button on the personal digital ID device in orderto authenticate. The user presses the button and is authenticated to theonline bookseller. In some embodiments, this is the extent of userinvolvement in the authentication process. That is to say, after onebutton press, the user is authenticated. In other embodiments, theauthentication sequence may require more interaction from the user. Forexample, the user may also be required to enter a password or answer asecurity question using mobile device 330, or the like.

The user authenticated by pressing the button once in previous example.In some embodiments, the user authenticates by pressing the button twiceor more times. In still further embodiments, the user is authenticatedonly after pressing the button for longer than a predetermined durationof time (e.g., longer than a threshold).

After the user interacted with the button, one more actions took placewithout the user's involvement. For example, in response to the buttonpress, personal digital ID device 400 made a security mechanismavailable or communication over radio link 402. In some embodiments,personal digital ID device 400 makes the security device available bypowering up a radio for a predetermined amount of time.

FIG. 5 shows a user interacting with the personal digital identitydevice of FIG. 4. In the example of FIG. 5, a user is wearing personaldigital ID device 400 on a wrist. The button is pressed to authenticateto service 510 over radio link 502. Note that radio link 502 is notnecessarily the same as radio link 402 (FIG. 4). In some embodiments,radio link 402 may be a non-near-field radio link, and radio link 502may a near-field radio link. In other embodiments, radio link 402 may bea near-field radio link, and radio link 502 may a non-near-field radiolink. In still further embodiments, both radio links 402 and 502 arenear-field radio links or non-near-field radio links.

Service 510 may be a service accessible on a mobile device such asmobile device 330 (FIG. 3), or may be a service accessible through amobile device, such as service 440 (FIG. 4). Service 510 may also be aservice unrelated to a mobile device. For example, service 510 may be abuilding access control device. In these embodiments, a button press mayprovide a user access to a building. Also for example, service 510 maybe a point of sale (POS) device, a set top box, a kiosk, or the like. Inthese embodiments, a button press may effect a mobile payment resultingin the purchase of digital or physical goods.

Service 510 may be thick or thin application on a smartphone, or awebsite running on a tablet or any combination. Service 510 may also bein the cloud, in which case, personal digital ID device 400 communicateswith a mobile device (e.g., smartphone), which then communicates withthe service in the cloud.

Service 510 may also be an application running on another device, suchas a phone, a device in the cloud, or a device on the other end of anear field link, such as a POS or a kiosk.

FIG. 6 shows a block diagram of a personal digital identity device inaccordance with various embodiments of the present invention. Personaldigital ID device 600 shows an example architecture for personal digitalID device 300 (FIG. 3) or personal digital ID device 400 (FIG. 4), orany of the other personal digital ID devices described herein.

Personal digital ID device 600 includes controller 610, radio 620,button 410, LEDs 420, and crypto/cipher engine 632 with digitalidentifier 633. Button 410 is an example of a hardware-based interactiondevice as described above. LEDs 420 are also described above. Radio 620may be any type of radio, including a near-field radio or a non-nearfield radio.

Controller 610 is coupled to button 410, LEDs 420, radio 620, andcrypto/cipher engine 632. Controller 610 is any type of controllercapable of making digital identifier 633 available over radio link 602in response to user interaction with button 410. For example, in someembodiments, controller 610 may be a dedicated state machine that is notprogrammable beyond its initial design, although this is not alimitation of the present invention. In these embodiments, controller610 may not be modified by a user with ill intent without modifyinghardware. This is a difficult task and adds to security. In otherembodiments, controller 610 is a microcontroller with a dedicated, hardcoded, program store. In these embodiments, controller 610 performsactions in response to stored instructions; however, modifyinginstructions still requires a change in hardware. In still furtherembodiments, controller 610 is a processor such as a microprocessor or adigital signal processor. In these embodiments, controller 610 performsactions in response to executing stored instructions. An examplepersonal digital ID device with a processor is described below withreference to FIG. 7.

Crypto/cipher engine 632 is any device that can provide a secure datastore and/or encryption capabilities in the service of personal digitalID device 600. For example, in some embodiments, crypto/cipher engine632 may be a dedicated secure storage and computation area withincontroller 610 that stores and processes digital identifier 633, eitheras encrypted data or as clear data or in any combination of encryptedand clear data. In other embodiments, controller 610 is part of thecrypto/cipher engine 632 and crypto/cipher engine 632 is a smartcardsecure element. In other embodiments, crypto/cipher engine 632 isseparate from controller 610, such as a smartcard secure element.Various embodiments having smartcard secure elements are described inmore detail below.

In operation, personal digital ID device 600 provides identity and/orauthentication services to a user in response to user interaction withthe device. For example, in some embodiments, controller 610 turns onradio 620 for a predetermined period of time (e.g., a few seconds to afew minutes) in response to user interaction with button 410. Also forexample, in some embodiments, controller 610 makes services provided bycrypto/cipher engine 632 (including, but not limited to, digitalidentifier 633) available over radio link 620 for a predetermined periodof time in response to user interaction with button 410. The ID and/orauthentication services may be used to authenticate a user to a mobiledevice or to a cloud service, or to any other service. The predeterminedperiod of a few seconds to a few minutes is provided as an example, andthe various embodiments of the invention are not so limited.

Digital identifier 633 may take on any form. For example, in someembodiments, digital identifier 633 may represent an actual identitysuch as a credit card number or a more complex combination of variousdata and a program executing on the data to uniquely identify thepersonal digital ID device. An example of a program executing could be asecurity applet such as PKCS #15 or payment applet such as a Visa VSDCapplet running on a java card operating system of a smartcard device.Here the smartcard device is the crypto/cipher engine. An example ofvarious data could be an X.509 Certificate or Visa Card PersonalizationData. In some embodiments, digital identifier 633 may be a fixed value,and in other embodiments, digital identifier 633 may be a variablevalue. For example, in some embodiments, digital identifier 633 mayinclude random information that pads the actual useful data forobfuscation purposes.

In some embodiments, digital identifier 633 may be a password, afingerprint, or other user authentication factor (UAF), encrypted or inthe clear; digital certificates, keys, keys for symmetric or asymmetriccryptography functions, unique digital identifiers, or the like. The UAFcan come to the personal digital ID device via any of the radio links,or from the personal digital ID device itself, or any combinationthereof.

In some embodiments, digital identifier 633 includes two shared secretkeys K1 and K2 that are shared with a cloud service. Once personaldigital ID device 600 is made available to a cloud service, the digitalID device could generate a random number R1, encrypt it with the sharedsecret key K1, and send it to the cloud service. The cloud service willthen decrypt R1 with key K1, then encrypt with key K2 both R1 andanother random value R2 and send the result back to personal digital IDdevice 600. Personal digital ID device 600 will then decrypt thispayload with K2. If it successfully recovers R1 then it knows that it iscommunicating with an authenticated cloud service that it trusts.Personal digital ID device 600 then encrypts R2 back with K1 and sendsit to the cloud service which will in turn decrypt it with K1 and if itsuccessfully recovers R2 then it knows that it is communicating with anauthenticated personal digital ID device it trusts. The use of K1, K2,R1, and R2 are mere examples. The authentication sequence of events isalso provided as an example. Other embodiments use differentauthentication sequences. The authentication sequence mentioned abovecould involve more complex steps such as the use of public keyinfrastructure standards such as PKCS or involve methods forchallenge-response. The connection made available could not only be usedfor authentication or mutual authentication but also for establishmentof a secure channel between the personal digital ID device and the cloudservice where additional unique data stored in the personal digital IDdevice such as payment information could then be communicated securelyby encrypting with a session specific key such as R2 to enacttransactions in the cloud service.

Again, the use of R2 for secure communication post secure mutualauthentication is only to be considered an example. The entire set ofprocesses defined above is to illustrate what it means to make thepersonal digital ID device available to a service in response to userinteraction. Many such processes are possible and known to those skilledin the art of security engineering, cyber security, secure identity,identity management, trusted service management, or smartcard protocols.Such processes could also help the intermediate device send secureinformation to a cloud service or receive secure information from thecloud service. Such secure information could be but not limited totransactions and outcomes, additional personal information, files,emails, voice connections, and messages.

FIG. 7 shows a block diagram of a personal digital identity device inaccordance with various embodiments of the present invention. Personaldigital ID device 700 shows an example architecture for personal digitalID device 300 (FIG. 3) or personal digital ID device 400 (FIG. 4), orany of the other personal digital ID devices described herein.

Personal digital ID device 700 includes processor 710, non-near-fieldradio 720, button 410, LEDs 420, memory 712, charging circuits 722,battery 724, sensors 740, secure element (SE) 732, and near-field radio734. Button 410 is an example of a hardware-based interaction device asdescribed above. LEDs 420 are also described above. Although FIG. 7shows a non-near-field radio communicating over link 702, this is not alimitation of the present invention. For example, in some embodiments,radio 720 is a near-field radio.

Processor 710 may be any type of processor capable of executinginstructions stored in memory 712 and capable of interfacing with thevarious components shown in FIG. 7. For example, processor 710 may be amicroprocessor, a digital signal processor, an application specificprocessor, or the like. In some embodiments, processor 710 is acomponent within a larger integrated circuit such as a system on chip(SOC) application specific integrated circuit (ASIC).

Memory 712 may include any type of memory device. For example, memory712 may include volatile memory such as static random access memory(SRAM), or nonvolatile memory such as FLASH memory. Memory 712 isencoded with (or has stored therein) one or more software modules (orsets of instructions), that when accessed by processor 710, result inprocessor 710 performing various functions. In some embodiments, memory710 includes a software application to turn on one or both of radios 720and 734 in response to user interaction, and does not include anoperating system (OS). The lack of an operating system increases thesecurity of personal digital ID device 700 in part because it is moredifficult for a hacker to run illicit software on the device. The lackof an operating system in personal digital ID device 700 is not alimitation of the present invention.

Memory 712 represents a computer-readable medium capable of storinginstructions, that when accessed by processor 710, result in theprocessor performing as described herein. For example, when processor710 accesses instructions within memory 712, processor 710 turns on oneor both of radios 720 and 734 in response to user interaction.

Secure element 732 provides secure information storage. In someembodiments, secure element 732 is a smartcard compatible secure elementcommonly found in credit card applications and/or security applications.Near-field radio 734 provides near field communications capabilitybetween mobile device personal digital ID device 700 and other devicesnearby. In some embodiments, near-field radio 734 may be an ISO 14443compatible radio operating at 13.56 megahertz, although this is not alimitation of the present invention.

In some embodiments, secure element 732 is combined with near-fieldradio 734 in a single integrated circuit such as a smartcard controller.In other embodiments, secure element 732, or a combination of secureelement 732 and near-field radio 734 are integrated into anothersemiconductor device such as processor 710.

Examples of smart card controllers that combine secure element 732 withnear field radio 734 are the “SmartMX” controllers sold by NXPSemiconductors N.V. of Eindhoven, The Netherlands. In some embodiments,the secure element has an ISO/IEC 7816 compatible interface thatcommunicates with other components within personal digital ID device 700(e.g., processor 710), although this is not a limitation of the presentinvention.

In some embodiments, secure element 732 includes applets, keys anddigital certificates. Digital certificates are used to validate theidentity of the certificate holder. Certificate authorities typicallyissue digital certificates. Digital certificates and their functionalityare well known. Secure element applets and encryption keys are also wellknown. In some embodiments, personal digital ID device 700 makesavailable one or more of applets, keys, and/or digital certificatesavailable to a service using either radio 720 or 734 in response to userinteraction for a predetermined duration. Applets, keys, andcertificates are examples of digital identifier 633 (FIG. 6).

Sensors 740 include one or more devices that may provide for userinteraction. For example, sensors 740 may include a fingerprint sensor,a microphone, an imager, a motion sensor (e.g., accelerometer), or thelike. In some embodiments, processor 710 may make a digital identifieravailable to a service in response to user interaction with one or moreof sensors 740. Various embodiments of user interaction with sensors 740are described more fully below.

Charging circuit 722 charges battery 724 and also senses the level ofcharge. For example, processor 710 may sense the battery charge levelusing charging circuit 722 and report the charge level using LEDs 420.

Battery 724 may be any type of battery capable of powering thecomponents shown in FIG. 7. In some embodiments, battery 724 isremovable, and in other embodiments, battery 724 is nonremovable.

Terminals 725 are used to provide power to the various components inpersonal digital ID device 700. Individual connections are not shown. Insome embodiments, terminals 725 are disconnected when a connector onpersonal digital ID device 700 is disconnected. See FIG. 21 below.

FIG. 8 shows a block diagram of a personal digital identity device inaccordance with various embodiments of the present invention. Personaldigital ID device 800 shows an example architecture for personal digitalID device 300 (FIG. 3) or personal digital ID device 400 (FIG. 4), orany of the other personal digital ID devices described herein.

Personal digital ID device 800 includes all the component of personaldigital ID device 700 (FIG. 7), and also includes multiple secureelements 832. In some embodiments, the different secure elements areused for different purposes. For example, one secure element may be usedfor access control, while another secure element may be use forpayments, and still another secure element may be used forauthentication to a service.

FIG. 9 shows a personal digital identity device interacting with alaptop computer and cloud service in accordance with various embodimentsof the present invention. As shown in FIG. 9, a user is wearing personaldigital ID device 900, which is in the shape of a bracelet. Personaldigital ID device 900 is shown communicating with a mobile device 910(e.g. laptop computer) using a non-near field radio (e.g., BLUETOOTH™).The mobile device is in turn shown communicating with a cloud service440.

Personal digital ID device 900 communicates with mobile device 900 afteruser interaction. Example user interactions include, but are not limitedto, button presses, motions, fingerprints, images, audio communications,or the like or any combination thereof. Examples of these userinteractions and others are described more fully below.

In some embodiments some or all of the user authentication factors (UAF)such as fingerprints, motions, images or even passwords or PIN, or thelike or any combination thereof or any representation of such, couldcome to the personal digital ID device including 900 via the a radiolink such as the BLUETOOTH™ non-near field radio from a mobile devicesuch as the laptop computer. The type of radio link (e.g. BLUETOOTH™)and the type of mobile device (e.g. laptop computer) for the personaldigital ID device to receive UAF are provided as examples and thevarious embodiments of the invention are not so limited.

FIG. 10 shows a personal digital identity device interacting with apoint of sale terminal in accordance with various embodiments of thepresent invention. As shown in FIG. 10, a user is wearing personaldigital ID device 900, which is in the shape of a bracelet. Personaldigital ID device 900 is shown communicating with point of sale (POS)device 1010 using a near field radio (e.g., ISO 14443).

Personal digital ID device 900 communicates with POS 1010 after userinteraction. Example user interactions include, but are not limited to,button presses, motions, fingerprints, images, audio communications, orthe like or any combination thereof. Examples of these user interactionsand others are described more fully below.

FIG. 11 shows a personal digital identity device with a removablecrypto/cipher engine in accordance with various embodiments of thepresent invention. Personal digital ID device 1100 is shown accepting asubscriber identity module (SIM) card 1110, which includes a smartcardsecure element, where the smartcard secure element is the crypto/cipherengine. In these embodiments, identities may be quickly changed. Forexample, a user may purchase personal digital ID device 1100 and thenpersonalize it by inserting SIM card 1110 with the user's digitalidentifier installed. In some embodiments there may be more than one SIMcard.

FIG. 12 shows a personal digital identity device with a fingerprintsensor in accordance with various embodiments of the present invention.Personal digital ID device 1200 includes a button with an integratedfingerprint sensor on the surface of the button. In operation, a usermay press the button to interact with personal digital ID device 1200 asdescribed above. In addition, personal digital ID device 1200 may take afingerprint of the user.

In some embodiments, this corresponds to processor 710 (FIG. 7)receiving a fingerprint when the user presses the button. Thefingerprint (or data representing the fingerprint) may be passed to SE732 for comparison with a stored fingerprint to validate the user. Ifthere is a match, the user is validated, and then the personal digitalID device may allow communication with a service outside the device.

Fingerprints may also be collected or verified during setup orconfiguration of personal digital ID device 1200. Setup andconfiguration are described more fully below.

FIG. 13 shows a user interacting with the personal digital identitydevice of FIG. 12. As shown in FIG. 13, the user wearing personaldigital ID device 1200 is pressing the button and providing afingerprint at the same time. In response to the user interaction,personal digital ID device 1200 communicates with service 510.

In some embodiments the fingerprint user authentication factor comes tothe personal digital ID device 1200 via its radio link.

FIG. 14 shows a personal digital identity device with a motion sensor inaccordance with various embodiments of the present invention. Personaldigital ID device 1400 includes an embedded motion sensor 1420. Embeddedmotion sensor 1420 may be any type of sensor capable of detectingmotion. For example, motion sensor 1420 may be an accelerometer. Inoperation, a user may make motions to interact with personal digital IDdevice 1400 as described above.

In some embodiments, this corresponds to processor 710 (FIG. 7)receiving data from motion sensor 1420 that describes motion of thedevice. The data representing the motion may be passed to SE 732 forcomparison with a stored value to validate the user. If there is amatch, the user is validated, and then the personal digital ID devicemay allow communication with a service outside the device.

Motion data may also be collected or verified during setup orconfiguration of personal digital ID device 1400. Setup andconfiguration are described more fully below.

In some embodiments the motion data user authentication factor comes tothe personal digital ID device 1400 via its radio link.

FIGS. 15 and 16 show users interacting with the personal digitalidentity device of FIG. 14. In FIG. 15, a user is shown interacting withpersonal digital ID device 1400 by making gross arm movements. In someembodiments, this may correspond to a gesture that is recognized bypersonal digital ID device 1400. When the gesture is recognized,personal digital ID device 1400 may allow communication with a serviceoutside the device.

In FIG. 16, a user is shown interacting with personal digital ID device1400 by making fine movements. In some embodiments, the fine movementsare performed making a series of tapping motions with varying spacingand intensity. This may be viewed by a user as similar to typing apassword, but instead of remembering and typing a character sequence,the user remembers and taps a rhythmic sequence.

FIG. 17 shows a personal digital identity device with an imager inaccordance with various embodiments of the present invention. Personaldigital ID device 1700 includes an imager 1710. Imager 1710 may be anytype of image capture device. For example, imager 1710 may be a CMOScamera similar to those commonly found in smartphones. In operation, auser may capture an image to interact with personal digital ID device1700 as described above.

In some embodiments, this corresponds to processor 710 (FIG. 7)receiving an image from imager 1710. The image may be of anything. Forexample, the image may be of a user's face, a user's personalpossession, a landmark, or any other item. The data representing theimage may be passed to SE 732 for comparison with a stored value tovalidate the user. If there is a match, then the personal digital IDdevice may allow communication with a service outside the device.

Image data may also be collected or verified during setup orconfiguration of personal digital ID device 1700. Setup andconfiguration are described more fully below.

FIG. 18 shows a user interacting with the personal digital identitydevice of FIG. 17. As shown in FIG. 18, the user wearing personaldigital ID device 1700 is capturing an image with imager 1710. Inresponse to the user interaction, the user is validated, and personaldigital ID device 1700 communicates with service 510.

In some embodiments the captured image user authentication factor comesto the personal digital ID device 1700 via its radio link.

FIG. 19 shows a personal digital identity device with a microphone inaccordance with various embodiments of the present invention. Personaldigital ID device 1900 includes a microphone 1910. Microphone 1910 maybe visible on personal digital ID device 19, or may not be visible. Inoperation, a user provides an audio signal to interact with personaldigital ID device 1900 as described above.

In some embodiments, this corresponds to processor 710 (FIG. 7)receiving audio data from microphone 1910. The audio may representanything. For example, a user may speak a phrase or provide anothersignature. The data representing the audio may be passed to SE 732 forcomparison with a stored value to validate the user. If there is amatch, the user is validated, and then the personal digital ID devicemay allow communication with a service outside the device. In someembodiments, this corresponds to performing a voiceprint analysis.

Audio data may also be collected or verified during setup orconfiguration of personal digital ID device 1900. Setup andconfiguration are described more fully below.

FIG. 20 shows a user interacting with the personal digital identitydevice of FIG. 19. As shown in FIG. 20, the user wearing personaldigital ID device 2000 is capturing audio information with microphone2010. In response to the user interaction, personal digital ID device2000 communicates with service 510.

In some embodiments the audio information user authentication factorcomes to the personal digital ID device 2000 via its radio link.

FIG. 21 shows a personal digital identity device with a connector.Personal digital ID device 2100 includes connector 2110. In someembodiments, connector 2110 is strictly a mechanical connector. Forexample, connector 2110 may be disconnected while all electricalfunctionality remains intact. In other embodiments, connector 2110 is amechanical connector as well as an electrical connector. In theseembodiments, the electrical connector may disconnect the battery whenthe connector is open. In operation, connector 2110 allows the braceletshape of personal digital ID device 2100 to be open or closed.

FIG. 22 shows an alternate form factor personal digital identity devicein accordance with various embodiments of the present invention.Personal digital ID device 2200 is shown as a key fob, but this is not alimitation of the present invention. For example, personal digital IDdevice 2200 may take any form, including for example, a credit cardshape.

FIG. 23 shows a flowchart of methods in accordance with variousembodiments of the present invention. In some embodiments, method 2300may be performed by a personal digital ID device such as any of thoseshown in previous figures. Further, in some embodiments, method 2300 maybe performed by a processor such as processor 710 (FIG. 7). Method 2300is not limited by the type of system or entity that performs the method.The various actions in method 2300 may be performed in the orderpresented, in a different order, or simultaneously. Further, in someembodiments, some actions listed in FIG. 23 are omitted from method2300.

Method 2300 begins at 2310 in which a user interacts with ahardware-based interaction device on a personal digital identity device.In some embodiments, this corresponds to a user pressing a button, orproviding a fingerprint, motion, an image, or audio. At 2320, acrypto/cipher engines provides authentication services.

In some embodiments, the actions of method 2300 are performed by aprocessor configured to perform the operations by virtue of storedsoftware instructions. For example, processor 710 (FIG. 7) may beconfigured to perform actions corresponding to receiving userinteractions, and making a digital identifier available for apredetermined time in response thereto. The digital identifier may bemade available by turning one or more radios, such as a near-field radioand/or a non-near field radio.

FIG. 24 shows a flowchart of methods in accordance with variousembodiments of the present invention. In some embodiments, method 2400may be performed by a personal digital ID device such as any of thoseshown in previous figures. Further, in some embodiments, method 2400 maybe performed by a processor such as processor 710 (FIG. 7). Method 2400is not limited by the type of system or entity that performs the method.The various actions in method 2400 may be performed in the orderpresented, in a different order, or simultaneously. Further, in someembodiments, some actions listed in FIG. 24 are omitted from method2400.

Method 2400 begins at 2410 in which a user interacts with ahardware-based interaction device on a personal digital identity device.In some embodiments, this corresponds to a user pressing a button, orproviding a fingerprint, motion, an image, or audio. Different actionsare taken depending on the number of button presses. If there has beenone button press 2420, then the personal digital ID device displays abattery level at 2422. If there have been two button presses 2430, thenthe personal digital ID device makes a digital identifier available fora predetermined duration at 2432. If there have been three buttonpresses 2440, then the personal digital ID device performs a reset at2442.

In some embodiments, the actions of method 2400 are performed by aprocessor configured to perform the operations by virtue of storedsoftware instructions. For example, processor 710 (FIG. 7) may beconfigured to perform actions corresponding to receiving userinteractions, and performing different actions based on the type of userinteraction that occurred.

Method 2400 provides one set of possible actions that are performed inresponse to different user interactions. In some embodiments, differentuser interactions are received, and different actions are performed inresponse. For example, a user may press a button for a predeterminedduration rather than just once, twice, etc. Any action may be taken inresponse to the long button press. Also for example, a user may providea fingerprint, motion, imagery, or audio. In some embodiments, these maybe provided in addition to a button press.

FIG. 25 shows a flowchart of methods in accordance with variousembodiments of the present invention. In some embodiments, method 2500may be performed by a personal digital ID device such as any of thoseshown in previous figures. Further, in some embodiments, method 2500 maybe performed by a processor such as processor 710 (FIG. 7). Method 2500is not limited by the type of system or entity that performs the method.The various actions in method 2500 may be performed in the orderpresented, in a different order, or simultaneously. Further, in someembodiments, some actions listed in FIG. 25 are omitted from method2500. The actions of method 2500 provide for configuration or setup of apersonal digital ID device.

Method 2500 begins at 2510 in which a user provides a userauthentication factor (UAF). The user authentication factor may be anyinformation provided by a user to authenticate. Examples include, butare not limited to voiceprint, motion, fingerprint, or imagery. At 2520,the user interacts with the personal digital identity device. In someembodiments, this corresponds to pressing a button one or more times, orpressing a button for a predetermined duration. At 2530, communicationsparameters are set. In some embodiments, this corresponds to aBLUETOOTH′ radio becoming discoverable or discovering other devices. At2540, the UAF (or a digital representation thereof) is stored. In someembodiments, LEDs, such as LEDs 420 (FIG. 4) are used to reportcommunication parameters.

Although the present invention has been described in conjunction withcertain embodiments, it is to be understood that modifications andvariations may be resorted to without departing from the spirit andscope of the invention as those skilled in the art readily understand.Such modifications and variations are considered to be within the scopeof the invention and the appended claims.

What is claimed is:
 1. A personal digital ID device comprising: acrypto/cipher engine having at least one digital identifier includingone or more keys for challenge-response; a near field radio; a non-nearfield radio; and a processor; wherein the processor, the crypto/cipherengine, the near field radio, and the non-near field radio areconfigured to make the one or more keys for challenge-response availableto perform authentication with a cloud service through a mobile deviceusing the non-near field radio, and are further configured to make theone or more keys for challenge-response available to performauthentication with an access control device using the near field radio.2. The personal digital ID device of claim 1 wherein the access controldevice comprises a building access control device.
 3. The personaldigital ID device of claim 2 further comprising a hardware basedinteraction component accessible to a user of the personal digital IDdevice.
 4. The personal digital ID device of claim 3 wherein theidentity authentication to a cloud service occurs only after the userinteracts with the hardware based interaction component.
 5. The personaldigital ID device of claim 3 wherein the identity authentication to abuilding access control device occurs only after the user interacts withthe hardware based interaction component.
 6. The personal digital IDdevice of claim 2 wherein the one or more keys comprises a firstcryptographic key to perform authentication to the cloud service, and asecond cryptographic key to perform authentication to the buildingaccess control device.
 7. The personal digital ID device of claim 6wherein the first cryptographic key and the second cryptographic key arethe same.
 8. A personal digital ID device comprising: a near fieldradio; a non-near field radio; and a smartcard secure element includingat least one digital identifier; wherein the smartcard secure elementmakes use of the at least one digital identifier to provide identityauthentication to a cloud service through a mobile device using thenon-near field radio, and makes use of the at least one digitalidentifier to provide identity authentication to an access controldevice using the near field radio.
 9. The personal digital ID device ofclaim 8 wherein the access control device comprises a building accesscontrol device.
 10. The personal digital ID device of claim 9 furthercomprising a hardware based interaction component accessible to a userof the personal digital ID device.
 11. The personal digital ID device ofclaim 10 wherein the identity authentication to a cloud service occursonly after the user interacts with the hardware based interactioncomponent.
 12. The personal digital ID device of claim 10 wherein theidentity authentication to a building access control device occurs onlyafter the user interacts with the hardware based interaction component.13. The personal digital ID device of claim 9 wherein the at least onedigital identifier comprises at least one cryptographic key.
 14. Thepersonal digital ID device of claim 13 wherein the at least onecryptographic key comprises a first cryptographic key to provideidentity authentication to the cloud service, and a second cryptographickey to provide identity authentication to the building access controldevice.
 15. The personal digital ID device of claim 14 wherein the firstcryptographic key and the second cryptographic key are the same.
 16. Thepersonal digital ID device of claim 9 wherein providing identityauthentication comprises executing at least one security applet on thesmartcard secure element.
 17. The personal digital ID device of claim 16wherein the at least one security applet comprises a first securityapplet to provide identity authentication to the cloud service, and asecond security applet to provide identity authentication to thebuilding access control device.
 18. The personal digital ID device ofclaim 17 wherein the first security applet and the second securityapplet are the same.
 19. A personal digital ID device comprising: acrypto/cipher engine having at least one digital identifier; a nearfield radio; a non-near field radio; and a processor; wherein theprocessor, the crypto/cipher engine, the near field radio, and thenon-near field radio are configured to make the at least one digitalidentifier available to perform authentication with a cloud servicethrough a mobile device using the non-near field radio, and are furtherconfigured to make the at least one digital identifier available toperform authentication with an access control device using the nearfield radio.
 20. The personal digital ID device of claim 19 wherein theaccess control device comprises a building access control device. 21.The personal digital ID device of claim 20 further comprising a hardwarebased interaction component accessible to a user of the personal digitalID device.
 22. The personal digital ID device of claim 20 wherein the atleast one digital identifier is made available to the cloud service onlyafter the user interacts with the hardware based interaction component.23. The personal digital ID device of claim 19 wherein the crypto/cipherengine comprises at least one smartcard secure element.